Primary & Secondary DNS Server Problem
Herb Martin
Guest

Posted: Mon Jan 17, 2005 6:13 pm    Post subject: Re: Primary & Secondary DNS Server Problem

"Brian" <bhanley72@yahoo.com> wrote in message
news:#UKb0gK$EHA.2788@TK2MSFTNGP15.phx.gbl...
Quote:
Hi Everyone,
I believe this to be a firewall issue. I have asked our firewall admin to
allow DNS lookups through and have not yet heard back. I'd like to thank all
of you who responded to my questions for all of your help in troubleshooting
this issue. It's nice to get such great help - especially without flaming me
for not knowing what I'm doing ; )

If you knew (everything) there would be nothing for
us to do <grin>.

Seriously, these groups have a very low idiocy to
help ratio. Almost everyone here tries to help or
seeks help respectfully.

--
Herb Martin


Quote:

Thanks Again
Brian

"Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
news:OfpxulB$EHA.2192@TK2MSFTNGP14.phx.gbl...
Hi all

What I was actually interested in at my last post was whether you could do a
lookup against the DNS server you're forwarding to from DNS2. In other
words, specify the forwarder as the DNS server and try to resolve something
external. If this fails, you know you've got connectivity problems from
DNS2 to the forwarder. If it succeeds, you can rest assured that this is
fine and move on to troubleshooting DNS2 itself.

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

"Herb Martin" <news@LearnQuick.com> wrote in message
news:uQ1PA8k%23EHA.1564@TK2MSFTNGP09.phx.gbl...
"Brian" <bhanley72@yahoo.com> wrote in message
news:eGEeKUk#EHA.2180@TK2MSFTNGP10.phx.gbl...

"Herb Martin" <news@LearnQuick.com> wrote in message
news:eCfTujc%23EHA.2316@TK2MSFTNGP15.phx.gbl...
"Brian" <bhanley72@yahoo.com> wrote in message
news:O8JhJ5b#EHA.1292@TK2MSFTNGP10.phx.gbl...
I set the timeout to 20 seconds and it still fails. Looks like it's OUT.
Also, that DNS server fails the Recursive test when I do it in the DNS gui
interface.

Failing the recursive test usually doesn't mean
as much for an internal server -- it may have no
access to the root servers (to do the recursion).

Does it pass the non-recursive test? Usually this
means you will NOT get a timeout even if you get
an incorrect answer.

DNS2 does pass the simple (non recursive) test. But fails the
recursive.

I'm wondering if I remove DNS from this server and re-add it that
will take care of the problem.

Probably not, but if you don't mind the work involved
in recreating the zone it is worth a try.

What happens if you use the nslookup from the SAME
server (ask itself).

When I first go to a cmd prompt and type "nslookup" on DNS2, the default
server of DNS1 comes up as its DNS server. Is this ok?

Sure but it won't help you.

If you just STAY out of the NSLookup shell by issuing
full command (hard to do at first):

nslookup whateverNAME dns2.ip.addr.ess

I then type "server DNS2" to change the DNS server to itself. I can then do
a DNS query for its own name and it returns instantly and with the correct
IP address. Here is output for both looking up itself, and looking up
yahoo.com:

Then it is working and reachable from THAT machine.

DNS2
Server: DNS2.corp.us
Address: 172.15.91.63

Name: DNS2.corp.us
Address: 172.15.91.63

yahoo.com
Server: DNS2.corp.us
Address: 172.15.91.63

DNS request timed out.
timeout was 2 seconds.
*** Request to DNS2.corp.us timed-out

Ok, so it is only broken for Internet resolution?


Also, this may be a stupid question, but in the IP configuration of both my
DNS servers, I've got my internal DNS IP addresses as the DNS servers. Is
this a problem?

No, that is correct. INTERNAL machines (including
the DNS servers) must use ONLY Internal DNS servers
on their NIC->IP->DNS server properties.

I like Kevin's suggestion, make sure you have not disabled
RECURSION in the ADVANCED tab, as that turns off
all non-local lookups, both forwarding and physical
recursion from the root down.

Any firewall blocking this machine from performing its
own recursion might cause this too.

Generally it is best to avoid most such problems and just
use the Forwarding tab to forward to either your own
firewall/gateway Caching only DNS server or to your ISP.

In the latter case (forwarding to the ISP) your internal
server must have limited access to pass the firewall
however.





Brian
Guest

Posted: Mon Jan 17, 2005 6:13 pm    Post subject: Re: Primary & Secondary DNS Server Problem

Hi Everyone,
I believe this to be a firewall issue. I have asked our firewall admin to
allow DNS lookups through and have not yet heard back. I'd like to thank all
of you who responded to my questions for all of your help in troubleshooting
this issue. It's nice to get such great help - especially without flaming me
for not knowing what I'm doing ; )

Thanks Again
Brian

"Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
news:OfpxulB$EHA.2192@TK2MSFTNGP14.phx.gbl...
Quote:
Hi all

What I was actually interested in at my last post was whether you could do a
lookup against the DNS server you're forwarding to from DNS2. In other
words, specify the forwarder as the DNS server and try to resolve something
external. If this fails, you know you've got connectivity problems from
DNS2 to the forwarder. If it succeeds, you can rest assured that this is
fine and move on to troubleshooting DNS2 itself.

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

"Herb Martin" <news@LearnQuick.com> wrote in message
news:uQ1PA8k%23EHA.1564@TK2MSFTNGP09.phx.gbl...
"Brian" <bhanley72@yahoo.com> wrote in message
news:eGEeKUk#EHA.2180@TK2MSFTNGP10.phx.gbl...

"Herb Martin" <news@LearnQuick.com> wrote in message
news:eCfTujc%23EHA.2316@TK2MSFTNGP15.phx.gbl...
"Brian" <bhanley72@yahoo.com> wrote in message
news:O8JhJ5b#EHA.1292@TK2MSFTNGP10.phx.gbl...
I set the timeout to 20 seconds and it still fails. Looks like it's OUT.
Also, that DNS server fails the Recursive test when I do it in the DNS gui
interface.

Failing the recursive test usually doesn't mean
as much for an internal server -- it may have no
access to the root servers (to do the recursion).

Does it pass the non-recursive test? Usually this
means you will NOT get a timeout even if you get
an incorrect answer.

DNS2 does pass the simple (non recursive) test. But fails the
recursive.

I'm wondering if I remove DNS from this server and re-add it that
will take care of the problem.

Probably not, but if you don't mind the work involved
in recreating the zone it is worth a try.

What happens if you use the nslookup from the SAME
server (ask itself).

When I first go to a cmd prompt and type "nslookup" on DNS2, the default
server of DNS1 comes up as its DNS server. Is this ok?

Sure but it won't help you.

If you just STAY out of the NSLookup shell by issuing
full command (hard to do at first):

nslookup whateverNAME dns2.ip.addr.ess

I then type "server DNS2" to change the DNS server to itself. I can then do
a DNS query for its own name and it returns instantly and with the correct
IP address. Here is output for both looking up itself, and looking up
yahoo.com:

Then it is working and reachable from THAT machine.

DNS2
Server: DNS2.corp.us
Address: 172.15.91.63

Name: DNS2.corp.us
Address: 172.15.91.63

yahoo.com
Server: DNS2.corp.us
Address: 172.15.91.63

DNS request timed out.
timeout was 2 seconds.
*** Request to DNS2.corp.us timed-out

Ok, so it is only broken for Internet resolution?


Also, this may be a stupid question, but in the IP configuration of both my
DNS servers, I've got my internal DNS IP addresses as the DNS servers. Is
this a problem?

No, that is correct. INTERNAL machines (including
the DNS servers) must use ONLY Internal DNS servers
on their NIC->IP->DNS server properties.

I like Kevin's suggestion, make sure you have not disabled
RECURSION in the ADVANCED tab, as that turns off
all non-local lookups, both forwarding and physical
recursion from the root down.

Any firewall blocking this machine from performing its
own recursion might cause this too.

Generally it is best to avoid most such problems and just
use the Forwarding tab to forward to either your own
firewall/gateway Caching only DNS server or to your ISP.

In the latter case (forwarding to the ISP) your internal
server must have limited access to pass the firewall
however.
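
Added example, not part of the original posts: a small Python probe that separates the symptoms discussed in this thread at the DNS wire level. A timeout (as in the yahoo.com lookup above) means no reply arrived at all, whereas a server that does not offer recursion replies with the RA flag clear. The function names and the sample replies are constructed for this example.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, recurse=True, qid=0x1234):
    """Build a DNS A/IN query. recurse=True sets the RD (recursion desired) flag."""
    flags = 0x0100 if recurse else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply):
    """Turn a raw UDP reply (None = nothing before the timeout) into a verdict."""
    if reply is None:
        return "TIMEOUT"        # unreachable, or waiting on a blocked upstream path
    if len(reply) < 12:
        return "MALFORMED"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "ANSWERED"
    if not flags & 0x0080:      # RA clear: the server does not offer recursion
        return "NO_RECURSION"
    return "NO_ANSWER:" + RCODES.get(rcode, str(rcode))

def probe(server, name, recurse=True, timeout=2.0):
    """Send one query to `server` on UDP/53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, recurse), (server, 53))
            return classify(sock.recvfrom(512)[0])
        except socket.timeout:
            return classify(None)

def sample_reply(flags, ancount):
    """Constructed 12-byte reply header, for offline demonstration only."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    # Constructed replies; on a live network call probe(<server address>, "yahoo.com").
    for label, raw in [("answer, RA set", sample_reply(0x8180, 1)),
                       ("referral, RA clear", sample_reply(0x8100, 0)),
                       ("SERVFAIL, RA set", sample_reply(0x8182, 0)),
                       ("no reply", None)]:
        print(f"{label:20} -> {classify(raw)}")
```

Running `probe` once against the internal server and once against its forwarder mirrors the isolation step described in the thread: the same external name, asked of each server in turn.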



All times are GMT